prepared parameterized query with PDO
To create the connection:

    try {
        $db = new PDO("mysql:dbname=" . DB_NAME . ";host=" . DB_HOST, DB_USER, DB_PWD);
    } catch (PDOException $e) {
        die("Database Connection Failed: " . $e->getMessage());
    }

Then to prepare a statement:

    // The placeholder is left unquoted; inside quotes, :id would be a plain string literal.
    $prep = $db->prepare("SELECT * FROM `users` WHERE userid = :id");

As you can see, you label each parameter you'd like by prefixing any string with ':'. Then all …
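A complete prepare, bind and execute round trip, as an added example that is not part of the original page. It assumes an in-memory SQLite database in place of the MySQL connection, constructed sample rows, and a hypothetical `findUser` helper; it also shows that a placeholder wrapped in quotes is never bound.

```php
<?php
// Added example. SQLite in-memory stands in for the page's MySQL connection
// so the script runs offline; the table and its rows are constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (userid, name) VALUES (1, 'alice'), (2, 'bob')");

// Hypothetical helper: look up a user through the named placeholder :id.
function findUser(PDO $db, $id): array
{
    // The SQL text is fixed at prepare time; :id marks where a value goes.
    $prep = $db->prepare('SELECT userid, name FROM users WHERE userid = :id');

    // Bind with an explicit type so integers are not sent as strings.
    $type = is_int($id) ? PDO::PARAM_INT : PDO::PARAM_STR;
    $prep->bindValue(':id', $id, $type);

    $prep->execute();
    return $prep->fetchAll(PDO::FETCH_ASSOC);
}

// Normal lookup with an integer id.
printf("id 1: %d row(s)\n", count(findUser($db, 1)));

// Constructed input containing SQL syntax. Because it is bound, the whole
// string is compared to userid as one value and is never parsed as SQL.
printf("bound SQL-like input: %d row(s)\n", count(findUser($db, '1 OR 1=1')));

// Pitfall: a quoted placeholder is not a placeholder. This statement has
// no parameters at all and compares userid with the literal text ':id'.
$quoted = $db->prepare("SELECT userid, name FROM users WHERE userid = ':id'");
$quoted->execute();
printf("quoted ':id': %d row(s)\n", count($quoted->fetchAll(PDO::FETCH_ASSOC)));
```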